While I get the results you describe with the testcase you've provided,
I don't think the description is completely accurate.

I performed my testing on:

    Linux hunt 3.11.0-12-generic #19-Ubuntu SMP Wed Oct 9 16:20:46 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

I went far simpler:

    cp /bin/bash /tmp/

Use this profile:

    /tmp/bash {
      /tmp/bash rmix,
      /lib/** rm,
      /dev/tty rw,
    }

    apparmor_parser tmp.bash

Start the /tmp/bash shell, try to run 'ls':

    bash: /bin/ls: Permission denied

Add /bin/ls rmix, to the profile

    apparmor_parser --replace tmp.bash

Try ls again and you get a new error:

    ls: cannot open directory .: Permission denied

Add /tmp/ r, to the profile, reload and re-ls, and it works.

--
https://bugs.launchpad.net/bugs/1236455
Title:
Running tasks are not subject to reloaded policies
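
The rule-by-rule progression in the comment above, replayed as an added example (not part of the original bug comment and not AppArmor's own code): a simplified Python model of AppArmor file rules that checks the two accesses `ls` needs against each revision of the profile. The matcher handles only literal paths, `*` and `**`, collapses exec modes such as `ix` to a plain `x`, and assumes the shell's working directory is /tmp; all function names are hypothetical.

```python
import re

# Profile text as given in the comment; later revisions append one rule each.
BASE = """/tmp/bash {
  /tmp/bash rmix,
  /lib/** rm,
  /dev/tty rw,
}"""

# Accesses behind the two errors: exec of /bin/ls, then ls opening "." (cwd assumed /tmp).
REQUESTS = [("/bin/ls", "x"), ("/tmp/", "r")]

def glob_to_regex(pattern):
    """Approximate AppArmor globbing: ** may cross '/', * may not."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out.append(".*"); i += 2
        elif pattern[i] == "*":
            out.append("[^/]*"); i += 1
        else:
            out.append(re.escape(pattern[i])); i += 1
    return re.compile("".join(out) + r"\Z", re.S)

def parse_perms(perms):
    """Collapse exec modes (ix, px, ux, ...) to 'x'; a simplification of this model."""
    return set(re.sub(r"[a-zA-Z]x", "x", perms))

def parse_profile(text):
    """Return (compiled path pattern, permission set) for each 'path perms,' line."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"\s*(/\S*)\s+([a-zA-Z]+),\s*$", line)
        if m:
            rules.append((glob_to_regex(m.group(1)), parse_perms(m.group(2))))
    return rules

def allowed(rules, path, perm):
    return any(rx.match(path) is not None and perm in perms for rx, perms in rules)

def with_rule(profile, rule):
    return profile.replace("}", "  " + rule + "\n}")

def replay():
    """Evaluate both requests against the base profile and the two reloaded revisions."""
    stages = [BASE]
    stages.append(with_rule(stages[-1], "/bin/ls rmix,"))
    stages.append(with_rule(stages[-1], "/tmp/ r,"))
    return [[allowed(parse_profile(p), path, perm) for path, perm in REQUESTS]
            for p in stages]

if __name__ == "__main__":
    for n, result in enumerate(replay()):
        print("revision", n, dict(zip(["exec /bin/ls", "read /tmp/"], result)))
```

Each inner list is one profile revision; a request flips from denied to allowed only in the revision that adds its rule, which matches the sequence of errors the already-running shell reported after each `--replace`.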